We can see the problem if we just walk down through the XML and ask ourselves what search results each module is going to use to render its results.

You should also take a close read through the "framework_intro" page in Sideview utils, aka "Overview of the advanced XML". Make sure you're on the latest Sideview Utils from the Sideview site because this documentation doesn't exist in the older Splunkbase versions.

Anyway, as walk down from the top, the Pulldown of course will render itself from the first search. Thus the Pulldown's options become the values of the counter field.

Next up, well next up is the Timeline module.... So the Timeline will render it's timebuckets using the timebuckets of the counter search.... So the heatmap frequency and the timerange it's showing is all from that first search.

And if the user interacts with the Timeline, well that selected subrange for that job will be passed down, but next up is a Search module which clobbers our entire search and our entire timerange.

The solution is to simply reverse the nesting order of that Search module and the Timeline module.

There were also a number of tangles and little problems in the XML, so I've taken the liberty of cleaning it up. I've also updated conventions to those from the 2.X version of Sideview Utils - using valueField instead of the more cumbersome 'searchFieldsToDisplay' param, etc..

<module name="Search" layoutPanel="panel_row2_col1"  autoRun="True">
  <param name="search">sourcetype="Perfmon:*" host="$host1$" |dedup counter | table counter | sort + counter</param>
  <param name="earliest">-1h@h</param>
  <param name="latest">@m</param>

  <module name="Pulldown">
    <param name="name">counter</param>    
    <param name="label">Counter: </param>
    <param name="staticOptions">
      <list>
        <param name="label">% Disk Time</param>
        <param name="value">% Disk Time</param>
      </list>
    </param>
   <param name="valueField">counter</param>

   <module name="Search">
    <param name="search">sourcetype="Perfmon:*"  serverType="$serverType$" host="$host1$" counter="$counter$"|timechart  avg(Value) by host</param>
    <param name="earliest">-1h@h</param>
    <param name="latest">@m</param>

    <module name="Timeline">
      <param name="minimumStatusBuckets">50</param>

      <module name="HTML">
        <param name="html"><![CDATA[
        <p>The _raw data of events is being shown below for the related serverType. Filters are in place for user to select the host and counter<br>
          <b>$search$</b></p>
        ]]></param>
      </module>

      <module name="JobProgressIndicator"></module>

      <module name="EnablePreview">
        <param name="display">False</param>
        <param name="enable">True</param>
      </module>

      <module name="HiddenChartFormatter">
        <param name="charting.axisTitleX.text">Time</param>
        <param name="charting.axisTitleY.text">Utilization</param>
        <param name="charting.chart">line</param>
        <param name="charting.chart.nullValueMode">connect</param>
        <param name="charting.legend.placement">bottom</param>

        <module name="FlashChart">
          <param name="height">450px</param>
          <param name="width">100%</param>
        </module>
        <module name="ViewRedirectorLink">
          <param name="popup">false</param>
          <param name="viewTarget">flashtimeline</param>
        </module>                    
      </module>
    </module>
  </module>
</module>